Online trials engage the public to help resolve disputes and controversies – crowdsourcing potential solutions from experts and others with knowledge or opinions about the cases on trial. Anyone can participate by offering comments and/or suggestions for how cases should be resolved. Online polling measures public preference for the suggested resolutions, and a "verdict" for the trial.

Help resolve this case and win the cash reward.

Anyone can participate.

The theft of 143 million consumers' financial and identification data from Equifax is extremely serious. Victims face an entire lifetime of combating potential fraud and theft. Equifax makes more than $3 billion per year on consumers’ backs, but the breach was reportedly caused by Equifax’ negligence in properly fixing a known problem.

And it’s not just a matter of fraudulent accounts being opened. Even victims’ tax refunds, social security benefits, employment histories and prescription drugs may be at risk - for life.

What’s worse, Equifax didn’t tell anyone about the breach for some six weeks. Who should have been told?

Consumers who didn’t consent to having their information stored and sold in the first place and may still not understand that Equifax had their information. (Formal notification had still not been made to individual consumers as of writing.)

Businesses that bought compromised information and used it to extend credit. Consumers ultimately pay when businesses are defrauded.

Regulators, who have been debating measures to weaken credit bureau accountability and the CFPB after being lobbied to the tune of $3 million per year by credit bureaus.

State requirements for notification ranges from 15 days to “without reasonable delay.” New European Union rules specify notification of a breach within 72 hours, and consumers may recover damages if proper notification isn’t

received.

Equifax’s response is wholly inadequate. First, it asked consumers to find out if they were victims by entering their information into an easily-cloned dedicated website - EquifaxSecurity2017.com. Then it accidentallydirected Twitter users to a fake cloned site, SecurityEquifax2017.com.

Equifax’ insulting first offer was for free credit monitoring and fraud protection for a year - with fine print committing consumers to arbitration. Because a credit freeze is a far better option (though unpalatable for credit bureaus) Equifax

has now agreed to lift the “credit freeze” fees permitted in some states until

November 21. But consumers must freeze their credit at all four credit bureaus

in order to be protected, and may also be required to pay fees for “thawing” their own credit as needed ($0-&10 per bureau, per occurrence). Moreover, the security PINs required for thawing are reportedly easily guessed, leaving consumers confused about their best course of action.

Core issues to be considered and discussed below:

Was Equifax negligent? Could the breach have been prevented? Was Equifax’ rapid expansion under Richard F Smith a factor?

Should Equifax have notified consumers sooner? Have consumers even been notified?

What risks do consumers face because of the breach?

What economic compensation does Equifax owe consumers whose information was stolen? Businesses that relied on it?

Should consumers have more rights over the sale of their personal data –including the right to opt out entirely from data sharing?

What actions should consumers take, and what will it cost in time and money? Will inclusion in a class action suit prevent consumers from pursuing damages for actual economic harm later?

Changes under the law - better regulation of the sale and storage of personal data; more rights to privacy and control of data for consumers; more transparency and accountability for all credit bureaus.

1. Was Equifax negligent? Could the breach have been prevented? Was Equifax’ rapid expansion under Richard F Smith a factor?

Equifax was first hacked in March, and then again in May. A vulnerability in Apache Struts2, the open-source software used by many Fortune 500 companies, was identified in early March and a patch was issued. Apache Struts, Cisco, and US-CERT (the
U.S. Computer Emergency Readiness Team, pa

Equifax was first hacked in March, and then again in May. A vulnerability in Apache Struts2, the open-source software used by many Fortune 500 companies, was identified in early March and a patch was issued. Apache Struts, Cisco, and US-CERT (the
U.S. Computer Emergency Readiness Team, part of the Department of Homeland
Security) gave ample notice to businesses using the software. Equifax reportedly fixed some parts of its system but c

Equifax was first hacked in March, and then again in May. A vulnerability in Apache Struts2, the open-source software used by many Fortune 500 companies, was identified in early March and a patch was issued. Apache Struts, Cisco, and US-CERT (the
U.S. Computer Emergency Readiness Team, part of the Department of Homeland
Security) gave ample notice to businesses using the software. Equifax reportedly fixed some parts of its system but clearly missed others, and the May breach continued undetected for months. Under Richard F Smith, Equifax has expanded very rapidly, especially in human resources and global data fields. The more moving parts there are, the harder it is to keep up with all parts of the system.

2. Should Equifax have notified consumers sooner? Have consumers even been notified?

3 Comments

Equifax and other companies have lobbied vigorously against increased regulation, and regulators have repeatedly balked at creating a national standard for notifying victims about a data breach. State notification laws vary widely, but most simply state that notification of a breach should be "witho

Equifax and other companies have lobbied vigorously against increased regulation, and regulators have repeatedly balked at creating a national standard for notifying victims about a data breach. State notification laws vary widely, but most simply state that notification of a breach should be "without reasonable delay." However, as data breaches have become more common and more potentially damaging, the European Union has put a 72-hour rule into

Equifax and other companies have lobbied vigorously against increased regulation, and regulators have repeatedly balked at creating a national standard for notifying victims about a data breach. State notification laws vary widely, but most simply state that notification of a breach should be "without reasonable delay." However, as data breaches have become more common and more potentially damaging, the European Union has put a 72-hour rule into place. Many experts and consumers feel that similar legislation is long past due in the US. It is not known whether all victims have been notified by mail or whether Equifax is relying on press reports as notification.

To prevail in a lawsuit, consumers will need to prove harm, particularly economic harm. Actual identity theft is a huge time and money suck for victims, who face real misery while trying to prove and remedy the problem.

Those who haven't had their identity stolen YET face anxiety and must stay vigil

To prevail in a lawsuit, consumers will need to prove harm, particularly economic harm. Actual identity theft is a huge time and money suck for victims, who face real misery while trying to prove and remedy the problem.

Those who haven't had their identity stolen YET face anxiety and must stay vigilant for life. If consumers are included in a class action lawsuit and don't opt out, they will likely receive virtually no compensation (although the lawye

To prevail in a lawsuit, consumers will need to prove harm, particularly economic harm. Actual identity theft is a huge time and money suck for victims, who face real misery while trying to prove and remedy the problem.

Those who haven't had their identity stolen YET face anxiety and must stay vigilant for life. If consumers are included in a class action lawsuit and don't opt out, they will likely receive virtually no compensation (although the lawyers will profit handsomely). More importantly - would they be unable to file a lawsuit for actual harm later?

5. Should consumers have more rights over the sale of their personal data – including the right to opt out entirely from data sharing?

1 Comment

Consumers resent their personal data and everyday life being packaged and sold. Equifax even captures mundane Tweets, matches them with credit files, and packages them for sale. But it's not just credit bureaus. In April, Congress rolled back new FCC privacy protection rules. Companies like Spo

Consumers resent their personal data and everyday life being packaged and sold. Equifax even captures mundane Tweets, matches them with credit files, and packages them for sale. But it's not just credit bureaus. In April, Congress rolled back new FCC privacy protection rules. Companies like Spokeo also mine and sell data, and consumers simply can't keep track of all the sites they need to try to opt out of.

Consumers should demand that legis

Consumers resent their personal data and everyday life being packaged and sold. Equifax even captures mundane Tweets, matches them with credit files, and packages them for sale. But it's not just credit bureaus. In April, Congress rolled back new FCC privacy protection rules. Companies like Spokeo also mine and sell data, and consumers simply can't keep track of all the sites they need to try to opt out of.

Consumers should demand that legislators enforce transparency and protect their rights over their own privacy and data.

6. What actions should consumers take, and what will it cost in time and money? Will inclusion in a class action suit prevent consumers from pursuing damages for actual economic harm later?

Consumers have no clear path. They must freeze their credit at all four credit bureaus to potentially guard against future use of their data, but face fees for freezing and/or thawing in many states. Also, the PIN numbers necessary for a thaw are reportedly insecure - which leaves many consumers uns

Consumers have no clear path. They must freeze their credit at all four credit bureaus to potentially guard against future use of their data, but face fees for freezing and/or thawing in many states. Also, the PIN numbers necessary for a thaw are reportedly insecure - which leaves many consumers unsure as to whether it would be better to wait.

There's also no clear path regarding class action lawsuits. Just as the first people to use the EquifaxSecurit

Consumers have no clear path. They must freeze their credit at all four credit bureaus to potentially guard against future use of their data, but face fees for freezing and/or thawing in many states. Also, the PIN numbers necessary for a thaw are reportedly insecure - which leaves many consumers unsure as to whether it would be better to wait.

There's also no clear path regarding class action lawsuits. Just as the first people to use the EquifaxSecurity2017 site unwittingly agreed to arbitration (that fine print has since been removed), consumers who don't opt out of a pittance received in a class action lawsuit may not be able to later recover real damages.

7. What action should Equifax’ Board of Directors take? Should Equifax executives be fired and/or required to pay past salary, bonuses and stock options into a victim compensation fund?

It isn't yet clear whether Equifax' Board themselves share part of the blame. Should they have questioned Equifax executives more closelyabout security measures, the reported hack in March, problems endemic in increased data-type collection, etc.? They must also rigorously investigate whe

It isn't yet clear whether Equifax' Board themselves share part of the blame. Should they have questioned Equifax executives more closelyabout security measures, the reported hack in March, problems endemic in increased data-type collection, etc.? They must also rigorously investigate whether there is any truth to alleged insider trading - and if those top executives didn't know about the hacking, find out why they didn't when it was

It isn't yet clear whether Equifax' Board themselves share part of the blame. Should they have questioned Equifax executives more closelyabout security measures, the reported hack in March, problems endemic in increased data-type collection, etc.? They must also rigorously investigate whether there is any truth to alleged insider trading - and if those top executives didn't know about the hacking, find out why they didn't when it was clearly a very serious event.

Solution: Equifax should declare bankruptcy and, with the approval of a bankruptcy court, create a plan of reorganization that distributes at least 90% of the shares in the new Equifax to the class of all consumers monitored in its credit-monitoring database.

Support: The stock market capitalization of Equifax (share price x shares issued) as of 29 September 2017 is approximately US$12.7 billion. The US Federal Trade Commission reported 143 million potential accounts affected; but the incident also affects consumers in other countries. As such the transfer of ownership of all shares of stock in Equifax to the holders of potentially affected accounts would allow for a recovery of approximately $88 per US consumer account (12.7 billion / 143 million ~ 88.81). Generally, it would be reasonable to expect that the value to a consumer of avoiding the exposure of their identifying information to criminals to be in excess of what consumers pay for identity protection products such as Lifelock or Equifax's monitoring. In general these products have an ongoing cost of over $100/year, so it is reasonable to assume the value to many consumers of keeping the information secure was at least $100/year and perhaps much, much more. This strongly suggests that the combined value of claims against Equifax exceeds the current stock market value of Equifax and thus a reorganization or dissolution under the bankruptcy laws should be seriously considered.

A dissolution is also an option under the bankruptcy laws. However, like most companies, the value of Equifax is primarily from future potential earnings and not in current cash and property, less debts. Given a Price/Book ratio of approximately 5, a complete dissolution of Equifax is likely to yield less than 20% of the current market capitalization, which places the amount that could be returned per potentially affected consumer in a dissolution at less than US$18. While discouraging, that is all there is.

Your math helps me realize how hopeless a traditional class action would be in this case. As we all know, attorneys always make out like bandits and consumers get a coupon. If I'm right and you'd also sign away your rights to damages in the case of any future harm - serious economic harm - then there's 0 percentage in voluntarily or involuntarily opting into a traditional class action. The main benefit of class actions is usually regulatory, but this case is so serious and far-reaching that the regulators should have their livers pecked out by ravens if they fail to act to protect consumers properly.

Very interesting and very logical solution. Do you think the company would voluntarily agree to any such thing? The shareholders would be mightily upset. Question: You obviously know a lot about security, but you apparently haven't checked your social security number yet and signed up for Equifax's program. Why not?

Suggest a Resolution

Recover damages.

PeopleClaim online trials can help resolve disputes against product or service providers,
or explore general issues of public interest or controversy. The goal is to debate
the issues and discover solutions that reflect public opinion on fairness of policy
or practice.

It's easy. Simply review the case in the blue box (above left) and suggest a resolution.
If both sides like your proposal, you'll earn recognition points and any cash reward
offered for helping resolve it.

Also, if you have a case of your own and offer a reward for best resolution (minimum
$20), our resolution community can help you. Our goal is to engage the public to
help resolve disputes of any kind quickly, easily, and fairly.

Don't just join the discussion. Help create the solution.

How you can participate:

Anyone can comment, debate the case’s merits, vote for the best solution, and
advocate for either side. The best solution receives the reward.

Timeline: Public Mediation of Consumers and Businesses v. Equifax

Timeline

Former Equifax CEO Richard Smith testifies that both parts of Equifax's two-part protocol for fixing vulnerabilities - deploying an internal patch and then scanning the system for further vulnerabilities - failed. “Both the human deployment of the patch and the scanning deployment did not work,” he told Congress. “The protocol was followed.”

Former Equifax CEO Richard Smith testifies before the U.S. House Committee on Energy and Commerce. He says that Equifax's information security department ran scans on March 15 but failed to identify the Apache Struts vulnerability, which therefore wasn't patched as recommended. He further says that Equifax, once it had identified the problem, ran into challenges in its remediation efforts that proved overwhelming, "and, regrettably, mistakes were made."

The IRS finalizes a contract worth $7.25 million with Equifax. Under the no-bid contract Equifax will verify taxpayer identities and "assist in ongoing identity verification and validations" at the IRS. Some lawmakers and consumers initially believe reports to be an Onion article.

Bloomberg, in an article titled "The Equifax Hack Has the Hallmarks of State-Sponsored Pros," reports that a rift between cyber security firm Mandiant may have played a part in the length of time the hackers were able to operate inside Equifax, customizing tools and establishing 30 separate portals. "Mandiant warned Equifax that its unpatched systems and misconfigured security policies could indicate major problems, a person familiar with the perspectives of both sides said. For its part, Equifax believed Mandiant had sent an undertrained team without the expertise it expected from a marquee security company. " Bloomberg also notes that investigations are focusing on the possibility that the hackers had inside help, and the probability that an initial team of hackers handed the job on to a team of and state-sponsored hackers (possibly Chinese).

Interim CEO Paulino do Rego Barros Jr. extends its offer of free credit freezes and the free TrustedID Premier credit monitoring tool until the end of January. This comes amidst mounting consumer frustration with the Equifax website and call centers. Barros also announces the development of a new consumer tool. "By Jan. 31, Equifax will offer a new service allowing all consumers the option of controlling access to their personal credit data. The service we are developing will let consumers easily lock and unlock access to their Equifax credit files. You will be able to do this at will. It will be reliable, safe and simple. Most significantly, the service will be offered free, for life."

Equifax CEO Richard Smith retires with a reported $90 million payday. While Smith will forfeit his 2017 bonus of $3 million or so, Fortune calculates that he will collect $72 million this year and the rest over the next few years (based on security filings). Equifax reserves the right to change "retired" to "fired," depending on how the investigation of the breach turns out.

Aug. 1 and 2 – CFO John Gamble, President of US Information Solutions Joseph Loughran, and President of Workforce Solutions Rodolfo Ploder, sell a total of nearly $1.8 million in Equinox stock. The US Department of Justice (DOJ) has opened a criminal investigation into possible insider trading.

Panel Discussion

PeopleClaim is a pre-litigation negotiation platform that allows parties to combine
claims against counterparties in order to negotiate group or individual settlements
that avoid litigation, increase recovery amounts, and settle cases more constructively.
The process does not requre a lawyer or legal representation and does not carry
the force of law.Counterparties
are not required to respond or enter negotiations, but the process offers the benefit of mediated settlement without the uncertainty,
expense, and risk of formal legal action. Unresolved claims may be referred to licensed
members of PeopleClaims' resolution community for formal legal action, including
class action in some cases. Anyone can join a public mediation, subject to the lead
claimant's criteria. The responding party may also require proof of claim, account
verification, or other criteria for settlement.Read more...

How public mediation works

Lead plaintiff opens case

Join a case or start your own.Any type. Large or small.

Case grows as others join

Get the power of numbers. Bigger is better.

Public helps negotiate fair resolution

Legal and industry pros, consumer advocates, and others help find the best resolution.

Claim Filing. File a claim against another party for direct
party-to-party complaint resolution. At claimant's option unresolved claims post
publicly after 10 days.
File a claim

Online Trials. Put a public controversy or personal commercial
dispute on trial. This creates a public trial format where you can invite advocates
and offer a reward for best resolution.
Put
it on trial

Which option is best for my problem?

File a PeopleClaim for most disputes with product and service
providers. Claims go directly to the party you're having a problem with. You can
request refunds, compensation, damages, or anything else that will satisfy your
issue. There's no charge to file a claim or use the system's negotiation features,
and optional services such as public posting are available at a nominal charge.
File a claim

Choose PeopleClaim trials if you're looking to put the spotlight
on a controversy, clarify opposing points of view, or crowdsource creative ideas
for resolving difficult issues. PeopleClaim trials can also be an effective escalation
step for a party-to-party PeopleClaim that's still unresolved. An online trial and
"public verdict" may help both parties find a resolution they both can agree on.
Put it on trial

Welcome to
Public Mediation of Consumers and Businesses v. Equifax
public mediation.

Our goal is to resolve this dispute – online, and with your help.

Anyone can participate by commenting, proposing a resolution,
or upvoting someone else's resolution. We'll communicate
results to the parties and ask them to consider your suggestions for how to resolve
the case.

Through your help we're expanding access to justice and helping fix the legal system.

Frequently Asked Questions

PeopleClaim trials allow you to connect with people who can get your case resolved
by competing to find the best resolution. Our resolution community includes lawyers
and mediators, industry experts, consumer advocates, and regular people like you
with a sense of justice and a desire to help.

Members of our resolution community are invited to propose resolutions to posted
disputes. The disputing parties can then review, rank, and request more feedback
on contributed solutions. This helps both sides define their issues and discover
resolutions that meet their mutual needs and interests. Importantly, it also helps
reflect public opinion about the fairest resolution to any problem — something becoming
increasingly important to businesses and often more motivating than traditional
legal remedies. In other words, PeopleClaim helps businesses resolve disputes based
on public expectations of fairness and good business practices and policies rather
than traditional legal processes involving threats, negativity, and complicated
legal procedure. Both parties win by finding the best solution at the least cost,
allowing them to settle their case and move on.

Because PeopleClaim is a fairness-based system of justice, anyone can participate,
regardless of their skill, training, or background. Cases are resolved because everyone
has a basic sense of fairness, and people with specific expertise can help provide
insights and information that may be important in finding common ground. Our resolution
community includes lawyers, professional mediators, consumer advocates, people experienced
in different industries, and anyone with a sense of justice.

See how PeopleClaim works:

Important: PeopleClaim is a public dispute resolution system providing claim
filing and online "trials" to settle party-to-party disputes and engage discussion
in matters of public interest or controversy. PeopleClaim is not a court of law,
and decisions arrived at through PeopleClaim trials do not legally bind disputing
parties unless by mutual agreement. Terms such as "court," "trial," "verdict," "plaintiff,"
"respondent," "advocate," "neutral," "argument," "rebuttal," and other words borrowed
from law are not used in their technical legal sense and should not be interpreted
as such. The goal of PeopleClaim Online Trials is to increase public participation
in dispute resolution and public policy by airing, debating, and seeking resolutions
to matters of public interest as well as commercial disputes.

Parties participating in PeopleClaim trials have the option to resolve their disputes
through mutual consent, under terms proposed by other trial participants such as
"advocates," "neutrals," and others. PeopleClaim does not enforce any such agreements
or promise any outcome to trials hosted on its site. PeopleClaim is not responsible
for content posted in either public trials or in party-to-party claims registered
at PeopleClaim.com. All trial content, including case summaries, rebuttals, suggested
resolutions, and comments, are solely the responsibility of the posting parties.PeopleClaim
does not review or evaluate the merits of opinions posted on its site by trial participants
or others.

PeopleClaim is not a law firm and does not provide legal advice or legal services.